ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wer...@apache.org
Subject svn commit: r279564 - in /webservices/wss4j/trunk/src/org/apache/ws: sandbox/security/trust/message/token/ security/ security/message/ security/message/token/ security/transform/
Date Thu, 08 Sep 2005 13:14:01 GMT
Author: werner
Date: Thu Sep  8 06:13:49 2005
New Revision: 279564

URL: http://svn.apache.org/viewcvs?rev=279564&view=rev
Log:
Fix a problem with IssuerSerial. Should be wrapped by a X509Data element
according to WSS spec. Work with at receiver side with old version (without 
X509Data) too. The sender now wraps it into a X509Data element.

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java
    webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
    webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
    webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/sandbox/security/trust/message/token/RequestedProofToken.java
Thu Sep  8 06:13:49 2005
@@ -36,6 +36,7 @@
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -325,7 +326,10 @@
                 break;
 
             case WSConstants.ISSUER_SERIAL:
-                secToken.setX509IssuerSerial(new XMLX509IssuerSerial(doc, remoteCert));
+                XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
+                X509Data x509Data = new X509Data(doc); 
+                x509Data.add(data);
+                secToken.setX509IssuerSerial(x509Data);
                 WSSecurityUtil.setNamespace(secToken.getElement(), WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX);
                 break;
 

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/WSSecurityEngine.java Thu Sep  8 06:13:49
2005
@@ -518,7 +518,7 @@
 										.toString() });
 					}
 				}
-			} else if (secRef.containsX509IssuerSerial()) {
+			} else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
 				certs = secRef.getX509IssuerSerial(crypto);
 			} else if (secRef.containsKeyIdentifier()) {
 				certs = secRef.getKeyIdentifier(crypto);
@@ -986,7 +986,7 @@
                 * to issuer name and serial number.
                 * This method is recommended by OASIS WS-S specification, X509 profile
                 */
-                if (secRef.containsX509IssuerSerial()) {
+                if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
                     alias = secRef.getX509IssuerSerialAlias(crypto);
                     if (doDebug) {
                         log.debug("X509IssuerSerial alias: " + alias);

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSEncryptBody.java Thu Sep
 8 06:13:49 2005
@@ -33,6 +33,7 @@
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -394,7 +395,10 @@
                 break;
 
             case WSConstants.ISSUER_SERIAL:
-                secToken.setX509IssuerSerial(new XMLX509IssuerSerial(doc, remoteCert));
+                XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, remoteCert);
+                X509Data x509Data = new X509Data(doc); 
+                x509Data.add(data);
+                secToken.setX509IssuerSerial(x509Data);                
                 break;
 
             case WSConstants.BST_DIRECT_REFERENCE:

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/WSSignEnvelope.java Thu Sep
 8 06:13:49 2005
@@ -39,6 +39,7 @@
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
 import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.signature.XMLSignatureException;
 import org.apache.xml.security.transforms.TransformationException;
@@ -492,7 +493,9 @@
 
         case WSConstants.ISSUER_SERIAL:
             XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, certs[0]);
-            secRef.setX509IssuerSerial(data);
+            X509Data x509Data = new X509Data(doc); 
+            x509Data.add(data);
+            secRef.setX509IssuerSerial(x509Data);
             break;
 
         case WSConstants.X509_KEY_IDENTIFIER:

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/message/token/SecurityTokenReference.java
Thu Sep  8 06:13:49 2005
@@ -27,7 +27,9 @@
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.Constants;
 import org.w3c.dom.*;
 
 import java.security.cert.CertificateEncodingException;
@@ -335,7 +337,7 @@
      * @param ref the {@link XMLX509IssuerSerial} to put into this
      *            SecurityTokenReference
      */
-    public void setX509IssuerSerial(XMLX509IssuerSerial ref) {
+    public void setX509IssuerSerial(X509Data ref) {
         Element elem = getFirstElement();
         if (elem != null) {
             this.element.replaceChild(ref.getElement(), elem);
@@ -394,6 +396,9 @@
             return null;
         }
         try {
+            if (Constants._TAG_X509DATA.equals(elem.getLocalName())) {
+                elem = (Element)WSSecurityUtil.findElement(elem, Constants._TAG_X509ISSUERSERIAL,
Constants.SignatureSpecNS);
+            }
             issuerSerial = new XMLX509IssuerSerial(elem, "");
         } catch (XMLSecurityException e) {
             throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
@@ -468,15 +473,33 @@
     }
 
     /**
+     * Method containsX509Data
+     *
+     * @return true if the <code>SecurtityTokenReference</code> contains
+     *         a <code>ds:X509Data</code> element
+     */
+    public boolean containsX509Data() {
+        return this.lengthX509Data() > 0;
+    }
+    /**
      * Method lengthX509IssuerSerial.
      *
      * @return number of <code>ds:IssuerSerial</code> elements in
      *         the <code>SecurtityTokenReference</code>
      */
     public int lengthX509IssuerSerial() {
-        return this.length(WSConstants.SIG_NS, "X509IssuerSerial");
+        return this.length(WSConstants.SIG_NS, Constants._TAG_X509ISSUERSERIAL);
     }
 
+    /**
+     * Method lengthX509Data.
+     *
+     * @return number of <code>ds:IssuerSerial</code> elements in
+     *         the <code>SecurtityTokenReference</code>
+     */
+    public int lengthX509Data() {
+        return this.length(WSConstants.SIG_NS, Constants._TAG_X509DATA);
+    }
     /**
      * Method containsKeyIdentifier.
      *

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java?rev=279564&r1=279563&r2=279564&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/transform/STRTransform.java Thu Sep
 8 06:13:49 2005
@@ -210,8 +210,7 @@
             str = (Element) doc.importNode(str, true);
 
             Node parent = tmpEl.getParentNode(); // point to document node
-//            parent.replaceChild(str, tmpEl); // replace STR with new node
-//
+
 
             /*
              * Alert: Hacks ahead
@@ -229,10 +228,11 @@
              * have to remove the fake element. See string buffer operation
              * below.
              */
+//          parent.replaceChild(str, tmpEl); // replace STR with new node
+
             Element tmpEl1 = doc.createElement("temp");
             tmpEl1.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", "urn:X");
             parent.replaceChild(tmpEl1, tmpEl); // replace STR with new node
-
             tmpEl1.appendChild(str);
             // End of HACK 1
 
@@ -244,18 +244,18 @@
             buf = canon.canonicalizeSubtree(doc, "#default");
 
             // If the problem with c14n method is solved then just do:
-
-            /* return new XMLSignatureInput(buf); */
-
-            /*
-             * HACK 2
-             */
             bos = new ByteArrayOutputStream(buf.length);
             bos.write(buf, 0, buf.length);
 
             if (doDebug) {
                 log.debug("after c14n: " + bos.toString());
             }
+
+//            return new XMLSignatureInput(buf);
+
+            /*
+             * HACK 2
+             */
 
             /*
              * Here we delete the previously inserted fake element from the



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message